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DETAILED ACTION 
Claim Objections 

1 . Claims 8-1 5 are objected to because of the following informalities: 

In claim 8, line 9, the phrase "in said set" should be corrected as -in said set of 
roles- for clear understanding of the claim. Similar correction should be made for claim 
12; and 

In claim 9, line 2, the phrase "said to a set of roles" should be corrected as -said 
role to said set of roles- for clear understanding of the claim. Similar correction should 
be made for claim 13. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Independent claim 1 is drawn towards a server page comprising at least one 
markup language fragment defining a user interface, an additional markup language 
fragment defining a link and a custom tag including said additional markup language 
fragment. This is just an abstract idea cab be written in a computer programming code. 
In order for an abstract claim to be statutory, it must result in useful, concrete, and 
tangible results. The final result achieved by the claimed invention does not produce 
any tangible result. 
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Claims 2 and 3, which are dependent on claim 1 , do not add any tangible results 
to the claim and thus are rejected for the same. 

Independent claim 4 is drawn towards a system comprising an application 
framework, a first view and access checking logic to omit a linkage. This is just an 
abstract idea can be written in a computer programming code. In order for an abstract 
claim to be statutory, it must result in useful, concrete, and tangible results. The final 
result achieved by the claimed invention does not produce any tangible result. 

Claims 5-7, which are dependent on claim 4, do not add any tangible results to 
the claim and thus are rejected for the same. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claim 1 is rejected under 35 U.S.C. 102(e) as being anticipated by Bazinet et al. 
(hereinafter Bazinet)(U.S. Pub. No. 2003/0167298 A1). 

Regarding claim 1 , Bazinet teaches as follows: 

a server page (Web pages) configured for processing by a server page engine 
(portal server 100 in figure 1)(Web pages sent by the portal server, see, e.g., page 2, 
paragraph [0026], lines 10-17), the server page comprising: 
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at least one markup language fragment (see, e.g., page 2, paragraph [0026], 
lines 12-16) defining a user interface for a first view (authentication information received 
from the client include a user name and password combination, see, e.g., page 4, 
paragraph [0037], lines 5-11, based on this user information the portal application 502 in 
figure 5 shows the identified user, see, e.g., page 4, paragraph [0039]); 

an additional markup language (HTML, see, e.g., page 4, paragraph [0041]) 
fragment defining a link to a second view (the second view is interpreted as a page 
leading to the backend applications in backend system 118, 120 and 122 in figure 1)(the 
portal application, 102 in figure 1 and 502 in figure 5, generates a page to the client 
containing entries corresponding to the backend applications, see, e.g., page 3, 
paragraph [0038]); 

a custom tag (instructions 506 in figure 5, see, e.g., page 4, paragraph [0039]) 
conditionally including said additional markup language fragment only if a role detected 
for an end user attempting to access the first view also has been defined in a 
deployment descriptor (portal generic objects database, 203 in figure 2, see, e.g., page 
2, paragraph [0030]) as an authorized role for accessing said second view (the first Web 
page shows the instruction tag for users to select eligible applications based on the 
access privileges of the authenticated user, see, e.g., page 3, paragraph [0030] and 
[0038]); and 

the first view provides a Web page for a secure session between the client and 
the portal server and the second view provides another Web page for a connection 
between the client and the backend system only for the authenticated user based on the 
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access privileges of the authenticated user, see, e.g., page 3, paragraph [0037] and 
[0038]). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 2 and 3 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bazinet et al. (hereinafter Bazinet)(U.S. Pub. No. 2003/0167298 A1) as applied to claim 
1 above, and further in view of Schenk (U.S. Pub. No. 2006/0004887 A1). 

Regarding claims 2 and 3, Bazinet teaches as follows: 

said first and second views (Web pages) are Java server pages (see, e.g., page 
2, paragraph [0026], lines 10-17); and 

deployment descriptor (portal generic objects database, 203 in figure 2, see, e.g., 
page 2, paragraph [0030]) is a configuration file for an application framework (Web page 
sent to the client in JSP) incorporating said JSPs (the Web page is configured based on 
the portal generic object database, see, e.g., page 3, paragraph [0038]). 

Bazinet does not explicitly teach using Struts framework as the application 
framework incorporating the JSPs. 

Schenk teaches as follows: 

a configuration file is used to configure the presentation of an object (see, e.g., 
page 2, paragraph [0015]); and 
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Java server pages can be generated with Struts framework, as open source 
framework of utilizing pre-stored design patterns (see, e.g., page 2, paragraph [0017], 
lines 15-19). 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Bazinet to include Struts framework as an application framework 
incorporating the JSPs as taught by Schenk in order to facilitate the development of 
JSPs applications. 

8. Claims 4 and 6-16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bazinet et al. (hereinafter Bazinet)(U.S. Pub. No. 2003/0167298 A1), and further in 
view of Vasandani et al. (hereinafter Vasandani)(U.S. Patent No. 6,985,946 B1). 
Regarding claim 4, Bazinet teaches as follows: 

a system for programmatic role-based security in a dynamically generated user 
interface, the system comprising: 

an application framework configured through a deployment descriptor (portal 
generic objects database) comprising a listing of a set of views (n generic objects 204 in 
figure 2, each object creates different view), a listing of associated program logic (based 
on the access privileges of the authenticated user the database lists different access 
level) and a listing of a set of authorized actions (read, read/write, or no access, 208 in 
figure 2, indicates the roles) for selected ones of said views (see, e.g., page 2, 
paragraph [0030]); 

a first view (502 in figure 5) listed in said deployment descriptor (portal generic 
objects database) and comprising a linkage to a second view (linkage to the backend 
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applications 126 in figure 1) listed in said deployment descriptor (the portal application 
generates a page to the client containing entries corresponding to the backend 
applications that the authenticated user can access based on the access privileges of 
the authenticated user, see, e.g., page 3, paragraphs [0038] and figure 5); and 

access checking logic disposed in said first view and programmed to omit said 
linkage (no access) where a role of an end user accessing said first view is not 
authorized to access said second view according to said listing of said set of authorized 
roles in said deployment descriptor (the instructions, 506 in figure 5, only shows what 
are authorized to the client, see, e.g., page 4, paragraph [0040] and figure 5). 

Bazinet does not teach the security control by user roles. 

Vasandani teaches as follows: 

providing role based access security within a networked computing system (see, 
e.g., col. 2, lines 40-43); and 

the method for providing an authentication and authorization pipeline having a 
userlD-roles database and a resource-roles database for use in a web server to grant 
access to web resources to users (see, e.g., col. 2, line 58 to col. 3, line 9). 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Bazinet to include the method of role based security access as 
taught by Vasandani in order to efficiently control security access by the user's roles 
predefined. 

Regarding claim 6, Bazinet teaches as follows: 

said program logic comprises servlets and wherein said views comprise Java 
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server pages (the Web page sent by the portal server to the clients may include Java 
server pages, see, e.g., page 2, paragraph [0026], lines 12-17). 
Regarding claim 7, Bazinet teaches as follows: 

a custom tag (instructions 506 in figure 5, see, e.g., page 4, paragraph [0039]) 
disposed in said first view for invoking said access checking logic and for omitting said 
linkage responsive to said access checking logic (the first Web page shows the 
instruction tag for users to select eligible applications based on the access privileges of 
the authenticated user, see, e.g., page 3, paragraph [0030] and [0038]). 

Regarding claim 8 and 12, Bazinet teaches as follows: 

a method for programmatic user privilege based security in a dynamically 
generated user interface (see, e.g., abstract), the method comprising the steps of: 

authenticating access to a rendering of a selected view based upon an end 
user's privileges (access privileges of the authenticated user) requesting access to said 
selected view (see, e.g., step 414 in figure 4 and page 3, paragraph [0037]); 

processing said selected view to identify a method call to access checking logic 
(see, e.g., steps 422-434 in figure 4 and page 4, paragraphs [0042]-[0044]); and 

disposing a link to said different view in said rendering of said selected view if 
user's privilege matches the privilege stored in the portal generic objects database (see, 
e.g., page 3, paragraph [0038] and step 416 in figure 4). 

Bazinet does not teach role based security access and following steps of using it 
but all limitations with user's privilege based security access. 

Vasandani teaches as follows: 
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providing role based access security within a networked computing system (see, 
e.g., col. 2, lines 40-43); 

the method for providing an authentication and authorization pipeline having a 
userlD-roles database and a resource-roles database for use in a web server to grant 
access to web resources to users (see, e.g., col. 2, line 58 to col. 3, line 9); and 

comparing said role (userlD-roles object, 21 1 in figure 4) to a set of roles 
(roles/access database, 422 in figure 4) authorized to access a different view 
(requested resource) associated with said access checking logic (the roles authorization 
module retrieves the database entry for the requested resource using the URI and 
attempts to match a role from the userlD-roles object with the roles in the roles/access 
database entry, see, e.g., col. 8, lines 1-4). 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Bazinet to include the method of role based security access as 
taught by Vasandani in order to efficiently control security access by the user's roles 
predefined. 

Regarding claims 9-11 and 13-15, Vasandani teaches as follows: 
said step of authenticating comprises the step of comparing said role (userlD- 
roles object, 211 in figure 4) to a set of roles (roles/access database, 422 in figure 4) 
associated with said selected view to locate a match for said role (the roles 
authorization module retrieves the database entry for the requested resource using the 
URI and attempts to match a role from the userlD-roles object with the roles in the 
roles/access database entry, see, e.g., col. 8, lines 1-4); 



Application/Control Number: 10/759,409 Page 10 

Art Unit: 2154 

said locating step comprises the step of parsing a deployment descriptor 
(roles/access database, 422 in figure 4) for an application framework hosting said 
selected view and said different view to identify said set of roles (this is inherent process 
for authorization module 202 in figure 4, see, e.g., col. 7, line 53 to col. 8, line 11); and 

said processing step comprises the step of invoking external access checking 
logic for a located server page tag referencing said access checking logic (this is 
inherent process for authorization module 202 in figure 4, see, e.g., col. 7, line 53 to col. 
8, line 11). 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Bazinet to include the method of role based security access as 
taught by Vasandani in order to efficiently control security access by the user's roles 
predefined. 

Regarding claim 16, Bazinet teaches as follows: 

A method for programmatic user privilege based security in a dynamically 
generated user interface (see, e.g., abstract), the method comprising the steps of: 

configuring a deployment descriptor (portal generic objects database, 203 in 
figure 2)(populating a portal generic object database, see, e.g., page 3, paragraph 
[0032]); and 

composing a server page to include a reference to said external access checking 
logic and to invoke said external access in order to conditionally incorporate a link to a 
specific view associated with a specific set of authorized roles (the portal application, 
102 in figure 1 and 502 in figure 5, generates a page to the client containing entries 
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corresponding to the backend applications, see, e.g., page 3, paragraph [0038]). 
Vasandani teaches as follows: 

providing role based access security within a networked computing system (see, 
e.g., col. 2, lines 40-43); 

the method for providing an authentication and authorization pipeline having a 
userlD-roles database and a resource-roles database for use in a web server to grant 
access to web resources to users (see, e.g., col. 2, line 58 to col. 3, line 9); and 

programming external access checking logic to match a parameterized role 
(userlD-roles object, 21 1 in figure 4) with a role disposed in said set of roles in said 
deployment descriptor (roles/access database, 422 in figure 4)(the roles authorization 
module retrieves the database entry for the requested resource using the URI and 
attempts to match a role from the userlD-roles object with the roles in the roles/access 
database entry, see, e.g., col. 8, lines 1-4). 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Bazinet to include the method of role based security access as 
taught by Vasandani in order to efficiently control security access by the user's roles 
predefined. 

9. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bazinet et 
al. (hereinafter Bazinet)(U.S. Pub. No. 2003/0167298 A1) and Vasandani et al. 
(hereinafter Vasandani)(U.S. Patent No. 6,985,946 B1) as applied to claim 4 above, and 
further in view of Schenk (U.S. Pub. No. 2006/0004887 A1). 

Regarding claim 5, Bazinet and Vasandani teach all the limitations of claim 4 as 
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explained above except for using Struts framework as the application framework 
incorporating the JSPs. 

Schenk teaches as follows: 

a configuration file is used to configure the presentation of an object (see, e.g., 
page 2, paragraph [0015]); and 

Java server pages can be generated with Struts framework, as open source 
framework of utilizing pre-stored design patterns (see, e.g., page 2, paragraph [0017], 
lines 15-19). 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Bazinet and Vasandani to include Struts framework as an 
application framework incorporating the JSPs as taught by Schenk in order to facilitate 
the development of JSPs applications. 

Conclusion 

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeong S. Park whose telephone number is 571-270- 
1597. The examiner can normally be reached on Monday through Thursday 7:30 - 5:00 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan Flynn can be reached on 571-272-1915. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
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published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Sen/ice Representative or access to the automated WdiQ^uttotfo 



system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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